Whale phishing

What is Whale Phishing? The Latest Email Security Threat

Whaling, or whale phishing, is a kind of phishing attack where hackers target executives and high-profile end users, using social-engineering tactics to trick them into initiating financial transactions or divulging sensitive information. By targeting these “big fish”, whale phishing attacks take advantage of employees who have access to highly valuable or competitive information.

Whale phishing is on the rise in the U.S., with whaling attack scams up to 270% from January to August 2015 and more than $800 billion in business losses in the six months after August 2015 [1]. The most sophisticated whale phishing attacks are often more difficult to detect than standard phishing schemes because they rely solely on social engineering to trick their targets and don’t contain a malicious hyperlink or weaponized attachment.

In this new threat environment, whaling security requires innovative solutions to prevent CEO fraud and protect the organization.

Mimecast’s whale phishing solution scans all incoming email as it passes through the Mimecast secure email gateway. Mimecast evaluates several key components of each message, including the display name, domain name, domain age and the body of the email, to determine whether the email could be a social-engineering attack. If the email fails one or more of these tests, Impersonation Protect can bounce the message, quarantine it or notify end users that it may be suspicious.
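
The four checks named above (display name, domain name, domain age, body) can be expressed as a function that returns which tests a message fails. This is an added example, not Mimecast's implementation; the organisation domain, executive names, keyword list, thresholds and the `domain_created` lookup table (standing in for a WHOIS/RDAP query) are constructed assumptions.

```python
from datetime import date
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed organisation data (assumptions, not from the page).
OUR_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam patel"}
BODY_CUES = ("wire transfer", "urgent", "confidential", "gift cards")


def impersonation_signals(raw, domain_created, today, min_age_days=30):
    """Return the names of the checks a raw RFC 5322 message fails."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain == OUR_DOMAIN:
        return []  # internal sender; header authenticity is a separate check
    signals = []
    # Display name: an executive's name on an external address.
    if display.strip().lower() in EXECUTIVES:
        signals.append("display_name")
    # Domain name: near-identical to ours (one-character swaps and the like).
    if SequenceMatcher(None, domain, OUR_DOMAIN).ratio() >= 0.85:
        signals.append("lookalike_domain")
    # Domain age: registered fewer than min_age_days ago (date from a lookup
    # table here; a real deployment would query WHOIS/RDAP).
    created = domain_created.get(domain)
    if created is not None and (today - created).days < min_age_days:
        signals.append("young_domain")
    # Body: wording typical of payment or data requests.
    payload = msg.get_payload()
    body = payload.lower() if isinstance(payload, str) else ""
    if any(cue in body for cue in BODY_CUES):
        signals.append("body_cues")
    return signals


# Constructed sample messages.
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\nSubject: Quick favour\n\n"
           "I need an urgent wire transfer today. Keep this confidential.\n")
PARTNER = ("From: Alex Kim <alex@partner.example.org>\nSubject: Notes\n\n"
           "Attached are the meeting notes from Tuesday.\n")

if __name__ == "__main__":
    ages = {"examp1e.com": date(2024, 1, 10), "partner.example.org": date(2015, 6, 1)}
    for raw in (SPOOFED, PARTNER):
        print(impersonation_signals(raw, ages, date(2024, 1, 15)))
```

A gateway policy would map a non-empty result to the bounce, quarantine or notify actions described above.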